MSE took so long to remove 3 types of Sirefef


  1. Posts : 135
    Windows 7 Ultimate x64 SP1
       #1

    Greetings Sires and mi Ladies,

    Please provide your expert advice on this:

    My Dad's laptop kept restarting after a BSOD but was okay after opting for "last known good configuration" by pressing F8, BUT! It restarted with MSE's warning that the PC is infected, so I didn't immediately click MSE's "clean button" but opened MSE's GUI and ran a full scan. This scan of course already took almost 1 hour so I went to sleep. I woke up later at around 1640 hours and found that MSE had already finished scanning and got the following infections, for which I immediately clicked "clean computer":
    1. TrojanDropper:Win32/Sirefef.B
    2. Trojan:WinNT/Sirefef.J
    3. Trojan:Win32/Sirefef.AH


    The time now is 1918 hours and MSE is still running, trying to remove the infection. I am beginning to think that MSE (because it is not yet updated) will not be able to remove these infections. I will leave it till 2200 hours before forcing a shutdown, but in the meantime please advise. Any tips and tricks and views and opinions, including everything in between, are all welcome.

    regards to you all and God Bless,

    Zeamann.


  2. Posts : 7,781
    Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
       #2

    From a security point of view, when a system is compromised by a rootkit, the safest option is to do a clean install. That would be the recommended action being that you have 3 rootkits. Even if you remove the rootkits, it's doubtful your PC can be trusted again and any remnants of the virus can cause problems down the road.

    Clean Install Windows 7

    Technical information:

    http://www.microsoft.com/security/po...64%2FSirefef.W

    If this is not an option:

    Eset has a removal tool which may work:

    http://www.eset.eu/encyclopaedia/win...-trojandropper

    Another option is Windows Defender Offline:

    http://windows.microsoft.com/en-US/w...fender-offline

    Depending on the variant you have, it may remove the infection. However, the newer versions of this rootkit are tougher to remove. You can also try TDSSKiller.

    There has been a new tool released which has had mixed success at removing this bug:

    http://blog.webroot.com/2011/08/03/n...ccess-goodbye/

    If this does not remove it, please see this link for manual removal of this bug:

    How to Remove TR/Sirefef.BV.2 If Combofix & TDSSKiller Won’t Work? - Malware Removal - Malware Info
    Last edited by Borg 386; 15 Jun 2012 at 09:35.


  3. Posts : 135
    Windows 7 Ultimate x64 SP1
    Thread Starter
       #3

    Borg 386 said:
    From a security point of view, when a system is compromised by a rootkit, the safest option is to do a clean install. That would be the recommended action being that you have 3 rootkits. Even if you remove the rootkits, it's doubtful your PC can be trusted again and any remnants of the virus can cause problems down the road.

    Clean Install Windows 7

    Technical information:

    Encyclopedia entry: Trojan:Win64/Sirefef.W - Learn more about malware - Microsoft Malware Protection Center

    If this is not an option:

    Eset has a removal tool which may work:

    http://www.eset.eu/encyclopaedia/win...-trojandropper

    Another option is Windows Defender Offline:

    What is Windows Defender Offline?

    Depending on the variant you have, it may remove the infection. However, the newer versions of this rootkit are tougher to remove. You can also try TDSSKiller.

    There has been a new tool released which has had mixed success at removing this bug:

    New Tool Released: Kiss (or Kick) ZeroAccess Goodbye « Webroot Threat Blog

    If this does not remove it, please see this link for manual removal of this bug:

    How to Remove TR/Sirefef.BV.2 If Combofix & TDSSKiller Won’t Work? - Malware Removal - Malware Info

    Thank you so very much Borg for the very thorough guidance. I am going to try the clean install as I have backed up all critical personal files and/or documents.

    Thank you again and God Bless,

    Zeamann.


  4. Posts : 7,781
    Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
       #4

    That's the best course to take. One word of advice, scan all your personal files thoroughly before you put them back on the system to make sure they're not infected. You can submit files up to 32MB to VirusTotal, where they will be scanned by multiple AVs. Or scan your storage medium with MSE once it's back on your PC.

    https://www.virustotal.com/
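
An added example, not part of the original thread: one way to triage a backup folder before restoring it, following the advice in post #4. It records each file's SHA-256 and sorts files by the 32MB upload limit quoted there; the `MZ` header check, the function names and the sample files are assumptions made for this illustration.

```python
import hashlib
import os
import tempfile

VT_UPLOAD_LIMIT = 32 * 1024 * 1024  # upload limit quoted in post #4


def triage_backup(root, limit=VT_UPLOAD_LIMIT):
    """Walk a backup folder and return one record per file.

    A record holds the SHA-256, the size, whether the file starts with the
    'MZ' magic of a Windows executable, and which scan route applies.
    """
    records = []
    for folder, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(folder, name)
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                head = fh.read(2)  # magic bytes, checked below
                digest.update(head)
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            size = os.path.getsize(path)
            records.append({
                "path": os.path.relpath(path, root),
                "sha256": digest.hexdigest(),
                "size": size,
                # Executable content among personal documents deserves a
                # closer look, whatever the file extension claims.
                "is_pe": head == b"MZ",
                "route": "virustotal" if size <= limit else "local-av-only",
            })
    return records


def build_sample_backup():
    """Constructed sample: a text file and an 'MZ' file named like a photo."""
    root = tempfile.mkdtemp(prefix="backup_sample_")
    with open(os.path.join(root, "notes.txt"), "wb") as fh:
        fh.write(b"family recipes\n")
    with open(os.path.join(root, "holiday.jpg"), "wb") as fh:
        fh.write(b"MZ" + b"\x00" * 62)
    return root


if __name__ == "__main__":
    # A tiny limit so the constructed 64-byte file lands in the local-scan route.
    for rec in triage_backup(build_sample_backup(), limit=32):
        print(rec)
```

Run it against the external drive from a machine that is already clean; files marked `local-av-only` are too large to submit and need the on-disk scan the post describes.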


  5. Posts : 135
    Windows 7 Ultimate x64 SP1
    Thread Starter
       #5

    Borg 386 said:
    That's the best course to take. One word of advice, scan all your personal files thoroughly before you put them back on the system to make sure they're not infected. You can submit files up to 32MB to VirusTotal, where they will be scanned by multiple AVs. Or scan your storage medium with MSE once it's back on your PC.

    https://www.virustotal.com/

    Thank you for the tip, Borg. I did just what you mentioned, but on both my and Dad's machines, prior to opening the external drive after backing files up onto it.

    Thanks again and God Bless,


Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
